
How to patch tcp connection limit?


19 replies to this topic

#1
melodylife (Newbie)
  • Member
  • 11 posts
  • Joined 12-January 06
Hi all, I've installed the Vista U version. But same as XP, it has a limit on connection number, 10 at the most. Does anyone know how to patch it to what we expect?



#2
LeveL (Senior Member)
  • Member
  • 551 posts
  • Joined 30-September 05
I can't actually help you with this but whilst I am here, can
anyone shed any light on whether doing this to peoples
computers is legal or not? I am not talking about patching
TCPIP.SYS - I am talking about what Microsoft are doing.

Your machine is capable of having more than 65,000 open
connections at one time, in other words, your machine, or
any machine used in any company, in general, is capable
of connecting to 65,000+ other machines.

What Microsoft do is limit this from 65,000+ down to just TEN.

Is that legal?

Since it is your hardware they are messing with, do they
even have a legal right to do this to people's machines?

What does a company do when they need to connect to an
11th computer? Look at the productivity losses that this
causes. Do Microsoft have a warning on their so-called
"hotfix" telling people it will limit their connection from
65,000 down to just 10? Even if they did have a warning,
which I highly doubt they do, it would still not make it
legal if it is in fact not legal.

They need to be sued, by every individual.

Edited by LeveL, 10 March 2007 - 08:03 PM.


#3
melodylife (Newbie)
  • Member
  • 11 posts
  • Joined 12-January 06
I'll try to replace it with the patched tcpip.sys from XP. I'm not sure whether it can work.

#4
LeveL (Senior Member)
  • Member
  • 551 posts
  • Joined 30-September 05
Very unlikely - I am almost 100% sure it won't work.

If you're going to do that make sure you save a copy of
TCPIP.SYS somewhere!

Remember, Vista does not have TCPIP.SY_ in an I386 folder
like all other previous versions of Windows - yet another of
the hundreds or even thousands of reasons why I wouldn't
go near Vista with a barge pole.

INSTALL.WIM ?????????????? :blink:

What the hell were Microsoft thinking? Why have they made
Vista so all the files are locked away in a WIM image? They are
complete TOOLS for doing that, how does locking all the files
away in a WIM image help anyone? Just proves really that
Microsoft are obviously not out to help people, I think the
discerning among us can see that.

Edited by LeveL, 10 March 2007 - 08:46 PM.


#5
GrofLuigi (GroupPolicy Tattoo Artist)
  • Member
  • 1,360 posts
  • Joined 21-April 05
  • OS: none specified

I can't actually help you with this but whilst I am here, can
anyone shed any light on whether doing this to peoples
computers is legal or not? I am not talking about patching
TCPIP.SYS - I am talking about what Microsoft are doing.

Your machine is capable of having more than 65,000 open
connections at one time, in other words, your machine, or
any machine used in any company, in general, is capable
of connecting to 65,000+ other machines.

What Microsoft do is limit this from 65,000+ down to just TEN.

Is that legal?

Since it is your hardware they are messing with, do they
even have a legal right to do this to people's machines?

What does a company do when they need to connect to an
11th computer? Look at the productivity losses that this
causes. Do Microsoft have a warning on their so-called
"hotfix" telling people it will limit their connection from
65,000 down to just 10? Even if they did have a warning,
which I highly doubt they do, it would still not make it
legal if it is in fact not legal.

They need to be sued, by every individual.


Aside from the LEGAL standpoint, what about TECHNICAL reasons? I'm not familiar with the standards, but where in the world is this limitation defined (apart from Microsoft)? Something like an RFC or some ISO page... Does anybody know? Or (what I suspect) did Microsoft completely INVENT this for our own good (as usual)? I haven't heard that it exists in any other OS.

I'm talking about the 10 half-open connection limit introduced in XP SP2. Since the original poster said that it's the same in Vista, I have no reason to believe the opposite. Before someone comes up with the usual "it's no big deal" defence, I must say that I have witnessed with my own eyes the impact of this limitation. I had dialup only until recently and this limit devastated P2P programs. As insane as it might seem, they worked quite satisfactorily before SP2. This limitation CRIPPLED the NUMBER of PEERS that the program connects to, effectively KILLING P2P programs. I think this extremity (dialup speed) showed the true intent behind this artificial limitation. And let's not forget that, by itself, any P2P program is not necessarily illegal. For example, Skype also uses P2P technology (but I don't know if it's affected by this).

The alleged purpose, limiting the speed of spreading of worms/trojans, is quite effectively debunked here.

GL

Edited by GrofLuigi, 11 March 2007 - 05:10 PM.


#6
cluberti (Gustatus similis pullus)
  • Supervisor
  • 11,252 posts
  • Joined 09-September 01
  • OS: Windows 8.1 x64
For the most part it's built-in to keep people from running XP or Vista as a server OS - the server versions of Windows have no such connection limitations, whereas the desktop OS products are limited to 10 connections on purpose mostly for this reason. Microsoft wants you to purchase a server OS version to run on a server (or a workstation you're using as a server, which I guess does make it a server :)).
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
--------------------
Please read the rules before posting!
Please consider donating to MSFN to keep it up and running!

#7
GrofLuigi (GroupPolicy Tattoo Artist)
  • Member
  • 1,360 posts
  • Joined 21-April 05
  • OS: none specified

For the most part it's built-in to keep people from running XP or Vista as a server OS - the server versions of Windows have no such connection limitations, whereas the desktop OS products are limited to 10 connections on purpose mostly for this reason. Microsoft wants you to purchase a server OS version to run on a server (or a workstation you're using as a server, which I guess does make it a server :)).


Exactly. But they shouldn't advertise it as a security enhancement.

GL

#8
cluberti (Gustatus similis pullus)
  • Supervisor
  • 11,252 posts
  • Joined 09-September 01
  • OS: Windows 8.1 x64

For the most part it's built-in to keep people from running XP or Vista as a server OS - the server versions of Windows have no such connection limitations, whereas the desktop OS products are limited to 10 connections on purpose mostly for this reason. Microsoft wants you to purchase a server OS version to run on a server (or a workstation you're using as a server, which I guess does make it a server :)).


Exactly. But they shouldn't advertise it as a security enhancement.

GL

Well, I think you're thinking of the limit on OUTBOUND incomplete connections, which is a security enhancement - if not for the users themselves, then for the rest of us. There is a limit on COMPLETE outbound connections, but it's around 65,000, and that's actually a 32-bit limitation, rather than a Windows limitation.

The 10 connections I was referring to was the 10 INBOUND connection limit, which is designed to get people to purchase a server product for a machine hosting more than 10 inbound connections. The OP (melodylife) did not specify inbound or outbound, so I assumed outbound as the OP did not specifically state that this was about incomplete outbound connections, but connections in general.

In short, there are limitations in Windows client OSes on inbound and outbound connections:
- 10 incoming connections, always enforced
- 10 outbound connections, when connections are considered "incomplete" (half-open)
- 65,536 outbound connections, when connections are considered "complete"

#9
melodylife (Newbie)
  • Member
  • 11 posts
  • Joined 12-January 06
Is there any chance that we could replace tcpip.sys with a modified one from the server edition? Does it work? I've no server edition.

#10
WRFan
  • Member
  • 6 posts
  • Joined 11-March 07
I am also interested in increasing the number of connections. Isn't there any hacker in the entire world who can do it? All you have to do is find the number 10 in hex in the file, change it to 100 and then update the crc. It can't be that difficult! After all, this was accomplished on WinXP!

#11
qwerty12 (Newbie)
  • Member
  • 13 posts
  • Joined 02-October 05
  • OS: Windows 8 x64
You are talking about Vista. With a different network stack, I don't think it's going to be quite as easy as hex editing.

#12
Mr Snrub (Former MSFT)
  • Super Moderator
  • 775 posts
  • Joined 14-September 04
  • OS: Windows 8 x64
Wow, this FUD is still doing the rounds...

Assuming that the issue is the outbound TCP/IP connection restriction brought in with XP SP2, no it is not "illegal" for Microsoft to implement a design change to their OS which you are running.

The article linked which "debunks the value" of the hotfix is erroneous also - it is not capping outbound connections at 10 per second, that would just create a bottleneck for genuine LAN-based activity.

The real change was to introduce a limit on the number of OUTBOUND, HALF OPEN connections over the TCP protocol - at any given time there can be a maximum of 10 connections in the "SYN" (synchronize) state.
As soon as the TCP handshake has taken place to establish the session, the connection is no longer HALF open and does not count towards the limit.


So how does this help protect against worms?

An infected client machine attempts to connect to IP addresses, as it has no idea of where "real" potential victim machines might be - early worms simply worked their way up the subnet increasing the address 1 at a time, and later versions randomized it and had algorithms to favour infecting local machines but also attempt those in other subnets.
Pre-SP2, the client could use every single source port available in attempting to locate and infect other machines - around 64,512 - and it could send those requests as fast as the OS could forward them on.
Result: very rapidly-spreading worm

Now, say the worm still generates a list of addresses it is going to try to infect and runs on a post-SP2 system.
First of all the rate at which the connection attempts can be made is unrestricted, until the 10 "half open" limit is hit - in the case of this worm's behaviour it should cause the system to trip the limit almost immediately.
Let's say half of the 10 addresses were valid and completed the session setup request, now there are 5 more outbound TCP connections that can be attempted and the next 5 in the list are tested.
Of these 5, only 2 respond, so the next 2 in the list are tested.
Let's say for argument's sake that the last 2 do not respond, so now the client has hit the limit of 10 half-open TCP connection attempts and will not make any more until at least 1 has timed out or completed.
Result: very slowly-spreading worm (not at a rate of "10 per second")


So why does this affect P2P so badly?

Very bad design of P2P, basically.
Users like to employ firewalls, which is great, only this makes their machines completely unresponsive to connection requests on unadvertised ports.
P2P clients obtain a list of peers and seeds for a given file, and then blindly attempt to connect to every single one of them to query them.
Result: If the first 10 in the list that the client tries to connect to are all firewalled (so never get the request) then the client is unable to send any more connection requests until at least 1 has timed out


The P2P system would benefit from using a "pingback" UDP method to first verify the connectivity and availability between peers, so that those behind NAT routers or using firewalls will not affect performance for everyone else quite so badly.

I don't believe Skype is affected by this issue, I have certainly not had any problems with it - probably as it is transmitting realtime data and so it can't waste time on peers that aren't able to assist with routing traffic.

My TechNet Blog
I have CDO. It's like OCD except the letters are in alphabetical order, as they should be.
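To make the walk-through above concrete, here is an added toy simulation of a half-open outbound cap (constructed for this thread; it is not Microsoft's code and does not model the real tcpip.sys). It assumes one tick per round trip, that a reachable peer completes the handshake on the next tick, and a SYN timeout of 21 ticks for silent (firewalled) peers; it also models the "pingback" idea by optionally trying only peers that answered a cheap probe.

```python
"""Toy discrete-time model of the XP SP2 / Vista half-open outbound TCP cap.

Constructed illustration, not code from the thread or from Windows.  One
tick = one round trip.  A 'responding' peer completes the handshake on the
next tick and stops counting; a 'silent' peer (firewalled, packets dropped,
no RST) holds its half-open slot until the SYN timeout (assumed 21 ticks).
"""
from collections import deque

HALF_OPEN_CAP = 10   # the limit described in the thread


def simulate(targets, half_open_cap=HALF_OPEN_CAP, syn_timeout=21,
             ticks=20, probe_first=False):
    """Run the connection-attempt loop for `ticks` ticks.

    targets     : sequence of bools, True = peer answers the SYN, False = silent
    probe_first : model the 'pingback' idea from the post: only peers that
                  answered a cheap UDP probe are tried over TCP at all
    Returns (syns_sent, handshakes_completed, first_stall_tick_or_None).
    """
    pending = deque(t for t in targets if t) if probe_first else deque(targets)
    half_open = []          # list of (timeout_deadline, peer_responds)
    sent = completed = 0
    first_stall = None
    for now in range(ticks):
        still_waiting = []
        for deadline, responds in half_open:
            if responds:                  # handshake done, slot released
                completed += 1
            elif deadline > now:          # silent peer, still occupying a slot
                still_waiting.append((deadline, responds))
            # else: SYN timed out, slot released without a session
        half_open = still_waiting
        if pending and len(half_open) >= half_open_cap and first_stall is None:
            first_stall = now             # cap reached with work left to do
        while pending and len(half_open) < half_open_cap:
            responds = pending.popleft()
            half_open.append((now + syn_timeout, responds))
            sent += 1
    return sent, completed, first_stall


# The post's worked scenario: 10 tried, 5 answer; 5 more tried, 2 answer;
# 2 more tried, none answer -> ten slots full, scanner stalls until a timeout.
WORM_SCENARIO = ([True] * 5 + [False] * 5
                 + [True] * 2 + [False] * 3
                 + [False] * 2
                 + [True] * 50)           # targets it never reaches in 20 ticks

# The P2P scenario from the post: the first 10 peers are all firewalled.
P2P_SCENARIO = [False] * 10 + [True] * 10

if __name__ == "__main__":
    print("worm, capped  :", simulate(WORM_SCENARIO))
    print("worm, uncapped:", simulate(WORM_SCENARIO, half_open_cap=10**6))
    print("p2p, capped   :", simulate(P2P_SCENARIO))
    print("p2p, pingback :", simulate(P2P_SCENARIO, probe_first=True))
```

With the cap the worm scenario sends only 17 SYNs in 20 ticks and stalls at tick 3, versus all 67 at once uncapped; the P2P client stalls after its first 10 SYNs until the timeout, while the probe-first variant completes all 10 reachable peers immediately.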


#13
GrofLuigi (GroupPolicy Tattoo Artist)
  • Member
  • 1,360 posts
  • Joined 21-April 05
  • OS: none specified
Cluberti:

Of course I was talking about the outgoing conn. limit, first implemented by Microsoft in XP SP2, aka Event ID 4226. That's what the OP asked, although the discussion slipped towards XP a little.

I didn't know there was a limit on the inbound connections. Well, it might be the same as the familiar XP limit of 10 users connecting to the machine simultaneously (file and printer sharing AND/OR terminal services) - that's what differentiates it from the Server. But a limit on ANY inbound TCP/IP connection is a different thing in my book. Oh well, I guess we could just go on living with it as before, as nobody has reported problems with that yet. Ignorance is sometimes bliss... and that confirms the old one "if you want a server, buy a server OS". :)

65535 is another funny number; apart from being a nice round number in hex, I don't know if there is any reason to limit the number of total connections... But if we accept the above logic of server vs workstation OS, no objections here.



Mr Snrub:

Very nice explanation, and very true. But, we may never know if it was effective and if, since its introduction, has saved millions of machines out there or not. I look at the issue (of virus busting) the other way around: yet today, if you check your firewall, you see tens of hits per minute. I think that pre-SP2 machines are still majority on the Internet (and infected SP2 machines). So, if you are the target, it makes no difference - you are still being hit, and if unprotected, this limit won't save you. Might be OK for the future, but by that time virus writers will catch up...

What is not OK is the manner of implementation (breaking existing programs) and the inability to turn it off. As I have said, I have witnessed with my own eyes how this thing cripples P2P on slow connections (although by that time, all P2P programs had configuration options to lower the number of conn. attempts per second - nevertheless, Event ID 4226 appeared almost instantly).

So, until new programs/protocols appear that implement the connection more robustly (as you suggest), we're stuck with what... 100s of P2P programs that we used until recently? Microsoft appeared to care about legacy applications in the past (even dragged DOS compatibility for decades), but now... Wait, wasn't it around SP2 when they introduced their own P2P protocol? Everything is just too convenient here.

GL

#14
GrofLuigi (GroupPolicy Tattoo Artist)
  • Member
  • 1,360 posts
  • Joined 21-April 05
  • OS: none specified
Sorry for double post, I just noticed this:

no it is not "illegal" for Microsoft to implement a design change to their OS which you are running.

While I agree with your conclusions/explanations and respect your knowledge, this sentence sent chills down my spine. With this concept I will never agree. Accepting the risk of being struck or worse for going off topic, I will just try to be short:

If you BUY a car, are you not allowed to open the hood? Are you not allowed to change oil yourself? Are you not allowed to install non-factory (better) parts (i.e. tires)? Are you not allowed to smash it into a wall if you feel like it (of course, assuming nobody gets hurt)? What have I bought when I bought XP?

Mr Snrub, nothing personal, it was not directed at you. I just see this much too often recently, I had to let it off my chest.

GL

#15
mats (Member)
  • Member
  • 206 posts
  • Joined 10-May 05
You can always reinstall the system with SP1 and not install any further updates if you wish.

For me as a corporate IT manager and programmer I must say it was a very good design change.

Take an aggressive virus like Sasser and place it on a corporate net. With SP2, the outbreak rate will be much lower and therefore there will probably be bandwidth left to fight the outbreak on. With SP1 it will consume everything directly.

When it comes to problems with P2P software: this is no backward compatibility issue. Two-way handshakes will never be the right way of doing connections, and never have been. It's pure bugs in that code that should have been fixed from the first day they wrote their apps.

#16
cluberti (Gustatus similis pullus)
  • Supervisor
  • 11,252 posts
  • Joined 09-September 01
  • OS: Windows 8.1 x64

If you BUY a car, are you not allowed to open the hood? Are you not allowed to change oil yourself? Are you not allowed to install non-factory (better) parts (i.e. tires)? Are you not allowed to smash it into a wall if you feel like it (of course, assuming nobody gets hurt)? What have I bought when I bought XP?

You are missing a VERY IMPORTANT distinction between the car and Windows - you are buying the car, but you aren't buying Windows at all. You are buying a LICENSE to USE Windows, and you don't own the source code or the actual OS binaries - nor can you legally do whatever you want with them (including bypass things like security mechanisms and built-in limitations, unless the methods or mechanisms to do so are provided you by Microsoft or an agent thereof). Therefore, at least in the US and certain other countries, you can indeed be legally limited in usage and functionality by the owner of the product you've licensed in almost any way they see fit (read that EULA you clicked yes to when you powered on your machine or agreed to when you installed Windows).

You're comparing apples to oranges in the car vs Windows analogy, and unfortunately for you if you don't like this arrangement your other options are open source or open source. Note that you get the same sort of EULA when you purchase MacOS - you don't own that either, and are under similar obligations and rights from Apple.

#17
GrofLuigi (GroupPolicy Tattoo Artist)
  • Member
  • 1,360 posts
  • Joined 21-April 05
  • OS: none specified

If you BUY a car, are you not allowed to open the hood? Are you not allowed to change oil yourself? Are you not allowed to install non-factory (better) parts (i.e. tires)? Are you not allowed to smash it into a wall if you feel like it (of course, assuming nobody gets hurt)? What have I bought when I bought XP?

You are missing a VERY IMPORTANT distinction between the car and Windows - you are buying the car, but you aren't buying Windows at all. You are buying a LICENSE to USE Windows, and you don't own the source code or the actual OS binaries - nor can you legally do whatever you want with them (including bypass things like security mechanisms and built-in limitations, unless the methods or mechanisms to do so are provided you by Microsoft or an agent thereof). Therefore, at least in the US and certain other countries, you can indeed be legally limited in usage and functionality by the owner of the product you've licensed in almost any way they see fit (read that EULA you clicked yes to when you powered on your machine or agreed to when you installed Windows).

You're comparing apples to oranges in the car vs Windows analogy, and unfortunately for you if you don't like this arrangement your other options are open source or open source. Note that you get the same sort of EULA when you purchase MacOS - you don't own that either, and are under similar obligations and rights from Apple.

Since this is heavily off topic here, you could, as a moderator, split this topic if you (or anyone else) want to continue this discussion. Although, I'm a little tired of bashing this to death. You can find loads of better arguments than I can ever provide on any good Free/Open Source website.

And, of course the current situation is as you (and others) describe. I never said the opposite. I was talking about how it SHOULD BE. It's a matter of principle. An EULA is not a law, and that stuff...

On apples and oranges - both the car dealer and Microsoft are happy to take my money as good as they are. If I could say "Microsoft, you don't own my money. I just licence them to you" then I would stop complaining. :)

GL

#18
cluberti (Gustatus similis pullus)
  • Supervisor
  • 11,252 posts
  • Joined 09-September 01
  • OS: Windows 8.1 x64

On apples and oranges - both the car dealer and Microsoft are happy to take my money as good as they are. If I could say "Microsoft, you don't own my money. I just licence them to you" then I would stop complaining. :)

GL

Now THAT'S a funny one I've not heard before - bravo :)

#19
war59312 (Will's Blog)
  • Member
  • 932 posts
  • Joined 07-June 02
So to answer the original question, NO, there is no possible way to patch the TCP connection limit, yet! Is that clear enough? ;)
Ad Muncher Usage Statistics for v4.73 Beta Build 30552/2275
Adverts removed by Ad Muncher: 2,200,586
Approximate bandwidth saved: 17,192 MB
Counter started: April 2, 2003

#20
GrofLuigi (GroupPolicy Tattoo Artist)
  • Member
  • 1,360 posts
  • Joined 21-April 05
  • OS: none specified

So to answer the original question, NO, there is no possible way to patch the TCP connection limit, yet! Is that clear enough? ;)

All that was needed was to wait for a couple of service packs :w00t:

SP2 removes the limit of 10 half open outbound TCP connections. By default, SP2 has no limit on the number of half open outbound TCP connections.

Yeah, it was a good idea... Right? :whistle:

GL
